YARA

For other uses, see Yara (disambiguation).

YARA is a tool primarily used in malware research and detection.

YARA
Designed by	Victor Alvarez
First appeared	2013
Stable release	4.5.4[1]  / 27 May 2025; 2 months ago (27 May 2025)
Filename extensions	.yara
Website	virustotal.github.io/yara

It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a Boolean expression.^[2]

History

YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013.^[3] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym.^[4] In 2024, Alvarez announced that YARA would be superseded by a rewrite called YARA-X, written in Rust.^[5] A first stable version of YARA-X was released in June 2025, marking the passage of the original YARA into maintenance mode.^[6]

Design

YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.

See also

• Sigma
• Snort